Chelsea Manning Continues Fight Against Unfair Hacking Charge

Chelsea Manning Continues Fight Against Unfair Hacking Charge

Whistleblower Chelsea Manning was released from prison more than a year ago, after former President Barack Obama commuted her sentence for releasing military and diplomatic records to WikiLeaks. But her case still continues, as Manning wants to appeal her original conviction—including one charge under a controversial a federal anti-hacking law.

The Computer Fraud and Abuse Act (CFAA) is intended to punish people for breaking into computer systems. Yet Manning didn’t break into anything. Instead, she was found guilty of violating the CFAA for using a common software utility called Wget to access a State Department database—a database she was generally authorized to access—in violation of a computer use policy. The policy prohibited the use of unauthorized software, even though the prohibition, which covers everything from computer games to simple automated Web browsing tools like Wget, is rarely enforce by the chain of command. Prosecutors have argued that Manning’s use of the Wget software violates the law’s provision again intentionally exceeding “authorized access” to a computer connected to the Internet.

But as EFF and the National Association of Criminal Defense Lawyers (NACDL) argued in an amicus brief filed last week in Manning’s request for a hearing on appeal, violating an employer’s policy on computer use is not a crime under the CFAA. If it were, then it would turn scores of people into criminals for things like browsing Facebook or viewing online sports scores at work. It would also threaten the work of researchers and journalists, who increasingly rely on common automated Web browsing tools to more efficiently access publicly available information on the Internet so that they can do their work, even though such tools are often prohibited in websites’ terms of service. Overzealous prosecutors and private companies have long taken advantage of the CFAA’s vague language to threaten criminal charges that go beyond Congress’s original goal to police computer crime, and Manning is only one of the latesthigh-profilevictims.

We can’t have ordinary online behavior—such as the use of simple, common tools for making it easier to collect publicly available information—become a federal criminal offense. Four other circuit courts have agreed. We hope the United States Court of Appeals for the Armed Forces takes Manning’s case and helps bring some fairness to the CFAA.

Related Updates

The century-old tradition that the Espionage Act not be used against journalistic activities has now been broken. Seventeen new charges were filed yesterday against Wikileaks founder Julian Assange. These new charges make clear that he is being prosecuted for basic journalistic tasks, including being openly available to receive...

The recent arrest of Wikileaks editor Julian Assange surprised many by hinging on one charge: a Computer Fraud and Abuse Act (CFAA) charge for a single, unsuccessful attempt to reverse engineer a password. This might not be the only charge Assange ultimately faces. The government can add more...

While the indictment of Julian Assange centers on an alleged attempt to break a password—an attempt that was not apparently successful—it is still, at root, an attack on the publication of leaked material and the most recent act in an almost decade-long effort to punish a whistleblower and the...

There’s a lot of legitimate concern these days about Internet giants and the lack of competition in the technology sector. It’s still easy and cheap to put up a website, build an app, or organize a group of people online, but a few large corporations have outsized power over the...

In a letter to Georgia Gov. Nathan Deal, 55 cybersecurity professionals from around the country are calling for a veto for S.B. 315, a state bill that would give prosecutors new power to target independent security researchers. This isn’t just a matter of solidarity among those in the profession...

Despite the full-throated objections of the cybersecurity community, the Georgia legislature has passed a bill that would open independent researchers who identify vulnerabilities in computer systems to prosecution and up to a year in jail. EFF calls upon Georgia Gov. Nathan Deal to veto S.B. 315 as soon as...

Last weekend’s Cambridge Analytica news—that the company was able to access tens of millions of users’ data by paying low-wage workers on Amazon’s Mechanical Turk to take a Facebook survey, which gave Cambridge Analytica access to Facebook’s dossier on each of those turkers’ Facebook friends—has hammered home two problems: first...

A misguided bill in Georgia (S.B. 315) threatens to criminalize independent computer security research and punish ordinary technology users who violate fine-print terms of service clauses. S.B. 315 is currently making its way through the state’s legislature amid uproar and resistance that its sponsors might not have fully anticipated...

Good news out of the Ninth Circuit: the federal court of appeals heeded EFF’s advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle’s website in a manner it didn’t like. The court ruled back in 2012 that merely violating a...

The latest on the Computer Fraud and Abuse Act? It’s still terrible. And this year, the detrimental impacts of the notoriously vague and outdated criminal computer crime statute showed themselves loud and clear. The statute lies at the heart of the Equifax breach, which might have been averted if...